gnu-social/plugins/StrictTransportSecurity
Diogo Cordeiro 8c0601816f [CORE] Move core plugins to a new modules directory
For reference (raised by rozzin in IRC):

* http://foldoc.org/module
* http://foldoc.org/library
* http://foldoc.org/plugin

As noted by XRevan86, modules are not necessarily non-essential.
As we will keep the modules directory in GS root [therefore, near to
plugins/], it is evidenced the difference between both.

This is a simple yet fundamental structural change. It doesn't change
functionality but makes clearer the way we understand GNU social's
internals.
2019-08-22 03:13:58 +01:00
..
locale [CORE] Move core plugins to a new modules directory 2019-08-22 03:13:58 +01:00
README Either use or don't use HTTPS 2016-02-10 00:57:39 +01:00
StrictTransportSecurityPlugin.php [VersionBump] 1.19.0, fairly late 2019-06-07 15:02:08 +01:00

The Strict Transport Security plugin implements the Strict Transport Security header, improving the security of HTTPS only sites.
See http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html for the specification.

Installation
============
add "addPlugin('strictTransportSecurity');"
to the bottom of your config.php

The plugin will not do anything unless:
$config['site']['ssl'] is set to something other than 'never'
$config['site']['path'] is either not set, empty, or '/'

Settings
========
max_age (15552000): sets how long to remember the forced HTTPS (seconds) (15552000 seconds is 180 days)
includeSubDomains (false): if set, then STS will apply to all the sub-domains too.

Example
=======
addPlugin('strictTransportSecurity');